Date: Fri, 30 May 2025 10:56:00 +0800
From: Baoquan He
To: Kemeng Shi
Cc: akpm@linux-foundation.org, kasong@tencent.com, hannes@cmpxchg.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/4] mm: swap: fix potensial buffer overflow in setup_clusters()
References: <20250522122554.12209-1-shikemeng@huaweicloud.com> <20250522122554.12209-4-shikemeng@huaweicloud.com>
In-Reply-To: <20250522122554.12209-4-shikemeng@huaweicloud.com>

On 05/22/25 at 08:25pm, Kemeng Shi wrote:
> In setup_swap_map(), we only ensure badpages are in range (0, last_page].
> As maxpages might be < last_page, setup_clusters() will encounter a
> buffer overflow when a badpage is >= maxpages.
> Only call inc_cluster_info_page() for badpage which is < maxpages to
> fix the issue.
>
> Fixes: b843786b0bd01 ("mm: swapfile: fix SSD detection with swapfile on btrfs")
> Signed-off-by: Kemeng Shi
> ---
>  mm/swapfile.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)

Reviewed-by: Baoquan He

> > diff --git a/mm/swapfile.c b/mm/swapfile.c > index a82f4ebefca3..63ab9f14b2c6 100644 > --- a/mm/swapfile.c > +++ b/mm/swapfile.c > @@ -3208,9 +3208,13 @@ static struct swap_cluster_info *setup_clusters(struct swap_info_struct *si, > * and the EOF part of the last cluster. > */ > inc_cluster_info_page(si, cluster_info, 0); > - for (i = 0; i < swap_header->info.nr_badpages; i++) > - inc_cluster_info_page(si, cluster_info, > - swap_header->info.badpages[i]); > + for (i = 0; i < swap_header->info.nr_badpages; i++) { > + unsigned int page_nr = swap_header->info.badpages[i]; > + > + if (page_nr >= maxpages) > + continue; > + inc_cluster_info_page(si, cluster_info, page_nr); > + } > for (i = maxpages; i < round_up(maxpages, SWAPFILE_CLUSTER); i++) > inc_cluster_info_page(si, cluster_info, i); > > -- > 2.30.0 >
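
Review bot: the new `if (page_nr >= maxpages) continue;` check in the badpages loop drops out-of-range entries silently and has no comment saying why an entry can be out of range at this point. A short comment above the check would help: per the commit message, badpages[] is only validated against last_page in setup_swap_map() and maxpages can be smaller, so an unchecked entry reaches inc_cluster_info_page() with a page number beyond what cluster_info was sized for. It is also worth stating there that the loop right after the hunk, `for (i = maxpages; i < round_up(maxpages, SWAPFILE_CLUSTER); i++)`, already accounts for the tail of the last cluster, so a skipped bad page in that range is still counted exactly once.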